Lucene search
+L

371 matches found

osv
osv
added 2026/04/17 4:43 p.m.3 views

CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

7.1CVSS6.1AI score0.00356EPSS
Exploits0References6
cve
cve
added 2026/04/17 4:43 p.m.20 views

CVE-2026-40518

Summary: ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation due to bypassed agent name validation. This allows an attacker to supply traversal-style values or absolute paths as the agent name, influenci...

9.1CVSS5.9AI score0.00356EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/04/17 4:43 p.m.27 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

7.1CVSS5.9AI score0.00356EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.9 views

DeerFlow 安全漏洞

DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...

7.1CVSS5.9AI score0.00356EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.8 views

KubePlus 安全漏洞

KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...

8.8CVSS5.8AI score0.02183EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/04/12 12:0 a.m.8 views

Nsasoft SpotFTP Password Recover 安全漏洞

Nsasoft SpotFTP Password Recover is a tool developed by the NSASoft company in the United States, designed to recover saved account passwords from FTP clients. Version 2.4.2 of Nsasoft SpotFTP Password Recover contains a security vulnerability. This vulnerability stems from insufficient input...

6.9CVSS5.8AI score0.00205EPSS
Exploits1References2
github
github
added 2026/04/08 12:17 a.m.8 views

Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

5.9AI score
Exploits0References4Affected Software1
cve
cve
added 2026/04/08 12:0 a.m.14 views

CVE-2025-50649

The CVE-2025-50649 entry affects D-Link DI-8003 devices (firmware 16.07.26A1). It is caused by a buffer overflow in the /shut_set.asp endpoint due to improper input validation of the vlan_name parameter. Reported as a denial of service risk in CNVD-2026-17631 and reflected in multiple feeds; CVSS...

7.5CVSS6.2AI score0.00516EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/04/03 3:27 a.m.4 views

GHSA-X2M8-53H4-6HCH OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

2.3CVSS5.9AI score0.00222EPSS
Exploits0References4
github
github
added 2026/04/03 3:27 a.m.6 views

OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps

Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2026/04/03 2:41 a.m.13 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

7.5CVSS6AI score0.0024EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/31 10:45 p.m.3 views

CVE-2026-34073

A flaw was found in the cryptography library. This vulnerability occurs because DNS Domain Name System name constraints were not properly validated against the "peer name" during certificate validation, only against Subject Alternative Names SANs within child certificates. This oversight could...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References4
pypa
pypa
added 2026/03/31 3:15 a.m.22 views

PYSEC-2026-35

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/03/31 3:15 a.m.11 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS0.00154EPSS
Exploits0References1
osv
osv
added 2026/03/31 3:15 a.m.4 views

ALPINE-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

5.3CVSS5.7AI score0.00154EPSS
Exploits0References1
osv
osv
added 2026/03/31 3:15 a.m.9 views

PYSEC-2026-35

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

5.3CVSS5.7AI score0.00154EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/03/31 3:15 a.m.7 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References2
osv
osv
added 2026/03/31 3:15 a.m.6 views

UBUNTU-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/03/31 2:4 a.m.2 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/03/31 2:4 a.m.1 views

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1
Rows per page
Query Builder